Google’s Project Zero security researchers have pointed out eleven high-impact security flaws in Samsung’s popular Android smartphone, the Samsung Galaxy S6 Edge, particularly in device drivers and media processing.
Google’s Project Zero looks into vulnerabilities in devices made by Original Equipment Manufacturers (OEMs) using the Android Open-Source Project (AOSP).
Natalie Silvanovich, an engineer at Google’s Android security team, noted in a blog post that Project Zero’s security researchers chose to test the Samsung Galaxy S6 Edge because the high-end device is quite popular among users.
“Having done some previous research on Google-made Nexus devices running AOSP, we wanted to see how different attacking an OEM device would be. In particular, we wanted to see how difficult finding bugs would be, what type of bugs we would find and whether mitigations in AOSP would make finding or exploiting bugs more difficult. We also wanted to see how quickly bugs would be resolved when we reported them,” the blog post read.
“We chose the Samsung Galaxy S6 Edge, as it is a recent high-end device with a large number of users.”
Google said that Samsung patched eight of the flaws in its October maintenance release and has promised to fix the remaining three, which were marked as less severe, later this month, reported the Guardian.
In an interview with The Inquirer, a Samsung spokesperson said, “At Samsung, maintaining the trust of our customers is a top priority. To deliver on this commitment, we launched a monthly Samsung Security Update program starting last October.
“In our first Security Update, we were able to provide solutions to eight of the more critical issues that were brought to our attention by Google as part of their 90-day reporting policy.
“The remaining three issues will be included as part of our November Security Update which will be rolling out over the next couple of weeks. Samsung encourages users to keep their software and apps updated at all times.”
A full report of the identified issues can be found on the Project Zero team’s blog.